Full Report
Solid Edge is affected by multiple file parsing vulnerabilities that can be triggered when the application reads specially crafted files in formats such as PAR or PSM, and by a DLL hijacking vulnerability. These could allow an attacker to crash the application or execute arbitrary code. Siemens has released a new version of Solid Edge SE2024 and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Multiple File Parsing and DLL Hijacking Vulnerabilities in Siemens Solid Edge
## CVE Details
- **CVE ID:** CVE-2024-47940, CVE-2024-47941, CVE-2024-47942
- **CVSS Score:** 7.8 (High) - CVSS v3.1
- **CWE:** CWE-125 (Out-of-bounds Read), CWE-427 (Uncontrolled Search Path Element)
## Affected Systems
- **Products:** Siemens Solid Edge SE2024
- **Versions:** All versions prior to V224.0 Update 9
- **Configurations:** Systems where users are permitted to open external file formats (PAR/PSM) or where local directory write access is loosely controlled.
## Vulnerability Description
The advisory covers three distinct vulnerabilities:
1. **CVE-2024-47940 & CVE-2024-47941:** These are memory corruption flaws occurring during the parsing of specially crafted PSM and PAR files, respectively. The application performs an out-of-bounds read past the end of an allocated structure, which can lead to information disclosure or arbitrary code execution.
2. **CVE-2024-47942:** This is a DLL hijacking vulnerability. The application fails to properly validate search paths when loading dynamic link libraries, allowing an attacker to place a malicious DLL in a directory searched by the application (such as the working directory).
## Exploitation
- **Status:** Not exploited (No reported "in-the-wild" activity in advisory)
- **Complexity:** Medium (Requires user interaction and/or local placement of files)
- **Attack Vector:** Local (Attacker must provide a crafted file to a user or have local access to the filesystem)
## Impact
- **Confidentiality:** High (Potential for arbitrary code execution and data theft)
- **Integrity:** High (Potential for unauthorized modification of system files/data)
- **Availability:** High (Potential for application crashes or total system compromise)
## Remediation
### Patches
- **Solid Edge SE2024:** Update to **V224.0 Update 9** or later.
- Patches are available via the Siemens Support portal: hxxps://support[.]sw[.]siemens[.]com/product/246738425/
### Workarounds
- **Strict File Handling:** Do not open PAR or PSM files received from untrusted or unknown sources.
- **Directory Permissions:** Ensure users do not have write access to the Solid Edge installation directory or other directories in the system's DLL search path to mitigate hijacking.
## Detection
- **Indicators of Compromise:** Presence of unexpected `.dll` files in common document folders or the application directory; unusual application crashes when opening CAD files.
- **Detection methods and tools:** Monitor process behavior for Solid Edge (`Edge.exe`) loading DLLs from suspicious or non-standard paths. Use EDR tools to flag the creation of PAR/PSM files by unknown external actors.
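
One way to implement the DLL-load check described above, as an added example that is not part of the advisory or any Siemens tooling. It assumes image-load records carrying the `Image`, `ImageLoaded` and `Signed` fields of Sysmon Event ID 7; the install path, the trusted-directory list and all sample file names are hypothetical.

```python
import ntpath

# Assumed trusted locations; the Solid Edge install path here is hypothetical.
TRUSTED_DIRS = [
    r"C:\Program Files\Siemens\Solid Edge 2024",
    r"C:\Windows\System32",
    r"C:\Windows\SysWOW64",
    r"C:\Windows\WinSxS",
]
TARGET_PROCESS = "edge.exe"  # Edge.exe, the process named in the Detection section


def _parts(path):
    """Normalise case, separators and '..', then split into path components."""
    return [p for p in ntpath.normcase(ntpath.normpath(path)).split("\\") if p]


def is_under(path, directory):
    """True only if path lies inside directory, compared component by component,
    so a sibling such as '...\\Solid Edge 2024-old' does not pass a prefix check."""
    p, d = _parts(path), _parts(directory)
    return len(p) > len(d) and p[:len(d)] == d


def suspicious_loads(events):
    """Return image-load events where Edge.exe loaded a DLL outside TRUSTED_DIRS."""
    findings = []
    for ev in events:
        if ntpath.basename(ev["Image"]).lower() != TARGET_PROCESS:
            continue
        dll = ev["ImageLoaded"]
        if not dll.lower().endswith(".dll"):
            continue
        if not any(is_under(dll, d) for d in TRUSTED_DIRS):
            findings.append({"dll": dll, "signed": ev.get("Signed") == "true"})
    return findings


# Constructed sample events (not real telemetry); all file names are made up.
EDGE = r"C:\Program Files\Siemens\Solid Edge 2024\Program\Edge.exe"
SAMPLE_EVENTS = [
    {"Image": EDGE, "ImageLoaded": r"C:\Program Files\Siemens\Solid Edge 2024\Program\core_example.dll", "Signed": "true"},
    {"Image": EDGE, "ImageLoaded": r"C:\WINDOWS\system32\kernel32.dll", "Signed": "true"},
    {"Image": EDGE, "ImageLoaded": r"C:\Users\alice\Documents\bracket\helper_example.dll", "Signed": "false"},
    {"Image": EDGE, "ImageLoaded": r"C:\Program Files\Siemens\Solid Edge 2024-old\Program\core_example.dll", "Signed": "false"},
    {"Image": r"C:\Windows\System32\notepad.exe", "ImageLoaded": r"C:\Users\alice\Documents\bracket\helper_example.dll", "Signed": "false"},
]

if __name__ == "__main__":
    for finding in suspicious_loads(SAMPLE_EVENTS):
        print("ALERT", finding)
```

Paths are compared by component rather than by string prefix, so a look-alike sibling of the install directory is still reported.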
## References
- **Vendor Advisory:** SSA-351178 (hxxps://cert-portal[.]siemens[.]com/productcert/pdf/ssa-351178[.]pdf)
- **Siemens Industrial Security:** hxxps://www[.]siemens[.]com/industrialsecurity
- **General Security Recommendations:** hxxps://www[.]siemens[.]com/cert/operational-guidelines-industrial-security